The economic impact of Russian hacking on the Ukraine economy

Yakiv Smolii, First Deputy Governor of the National Bank of Ukraine, explains how business development in Kiev has flourished in spite of cyberwar, kinetic war, and overt hacking designed to subvert the economy.

"It's not so much an attack on critical infrastructure, but rather an attack on the confidence and psychology of a nation," said Chris Inglis, former deputy director of the National Security Agency, speaking at the World Cyber Security Congress event in London.

Attacking critical infrastructure and spreading disinformation is a powerful combination: after all, the reason that governments exist is to make sure the citizens of a country remain safe. Such tactics have been tried out in Ukraine over the last few years.

"We've now got a nation-state actor which is effectively holding at risk the Ukrainian power grid, who's managed to affect it and disrupt it twice at a time and place of their choosing -- and it could've been a lot worse," said Pete Cooper, non-resident senior fellow in the Cyber Statecraft Initiative at the Atlantic Council, a think-tank focusing on international affairs.

"We're really starting to see adversaries at nation-state level and down who are attacking trust in our critical services."

Similar tactics are being used outside of Ukraine too. Last December, hackers intentionally used malware to shut down a critical infrastructure firm in the Middle East. Researchers at FireEye said this sort of approach has previously been carried out by Russian, Iranian, North Korean, US, and Israeli nation-state actors.

"We've really got to think about the fact our adversaries are attacking more than just our technology. Our adversaries are now starting to critically undermine the trust that our stakeholders have," said Cooper.

There are many in the cybersecurity industry who would argue that technology alone can solve this problem -- protect systems with the relevant tools to keep them safe from attacks. But this is perhaps ignoring the wider issue: there isn't an antivirus product to protect against declining faith in big institutions, or to defend against fake news.

"The bigger system, that's the thing we have to defend, not just the technology. While we're focusing on protecting the technology, our adversaries are focused on attacking the system. And by attacking the system, they're critically undermining the trust in that system," said Cooper.

In order to achieve that, it can't just be about "looking for our technology comfort blanket," he said, adding: "we're going to find it lacking".

The very nature of this form of cyberwarfare means it is often hard to attribute an attack to a particular group or state. However, governments are putting more effort into attribution as one way to shame -- and deter -- attackers. In some cases, researchers and law enforcement have been able to identify the culprits behind attacks: for example, WannaCry was attributed to North Korea.

"You take a look at what the North Koreans in spring 2017 [WannaCry]. Unless that behaviour is checked, we can expect a recurrence of that in 2018, 2019, 2020. It's not a question of if, but rather a question of when," said Inglis.

The answer, he said, is some sort of reaction with "consequences" in retaliation to these attacks, otherwise the likes of Russia and North Korea will repeatedly launch campaigns to disrupt and undermine the West.

Governments should be in charge of any reaction. "They can impose consequences; there can be collective action against other nation-states and entities that look like nation-states."

But while the US has introduced additional sanctions on Russia for launching "the most destructive and costly cyberattack in history" in the form of NotPetya, it's beyond doubt that we haven't seen the last of attacks against critical infrastructure.
